How to get resource id of terraform resource inside of a for_each loop
Question
I would like to create azure firewall network rules using terraform.
There are quite a few source ips I have to use in my rules collection, so I created an ip group ("ipg_onpremise"). Now I need to reference the ip group from my rule collection. Unfortunately I can not use the name ("ipg_onpremise") for that, but the resource id ("/subscriptions/xx-xx-xx/resourceGroups/rg-shared/providers/Microsoft.Network/ipGroups/ipg_onpremise").
This is my code:
# firewall.tf
resource "azurerm_firewall_network_rule_collection" "nrc_fw_shared_onprem_hub" {
name = "onprem-hub"
azure_firewall_name = azurerm_firewall.fw_shared.name
resource_group_name = azurerm_resource_group.rg_shared.name
priority = var.nrc_fw_shared_onprem_hub_rule_priority
action = var.nrc_fw_shared_onprem_hub_rule_action
dynamic "rule" {
for_each = var.nrc_fw_shared_onprem_hub_rules
content {
name = rule.value.name
description = lookup(rule.value, "description", null)
source_addresses = lookup(rule.value, "source_addresses", null)
source_ip_groups = lookup(rule.value, "source_ip_groups" , null)
destination_addresses = lookup(rule.value, "destination_addresses", null)
destination_ip_groups = lookup(rule.value, "destination_ip_groups", null)
destination_ports = lookup(rule.value, "destination_ports", null)
protocols = lookup(rule.value, "protocols", null)
}
}
}
resource "azurerm_ip_group" "ipg_onpremise" {
name = "ipg-onpremise"
location = azurerm_resource_group.rg_shared.location
resource_group_name = azurerm_resource_group.rg_shared.name
cidrs = var.ipg_onpremise_cidrs
}
# terraform.tfvars
nrc_fw_shared_onprem_hub_rules = [
{
name = "onprem->hub"
source_addresses = []
destination_addresses = ["10.0.0.0/16"]
destination_ports = ["*"]
protocols = ["Any"]
source_ip_groups = ["ipg_onpremise"]
destination_ip_groups = []
},
]
When running terraform, I get the following error:
azurerm_firewall_network_rule_collection.nrc_fw_shared_onprem_hub: Creating...
╷
│ Error: creating/updating Network Rule Collection "onprem-hub" in Firewall "fw_shared" (Resource Group "rg-shared"): network.AzureFirewallsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="AzureIpGroupsInvalidResourceId" Message="The resourceId ipg_onpremise is an invalid resourceId of an IpGroup." Details=[]
│
│ with azurerm_firewall_network_rule_collection.nrc_fw_shared_onprem_hub,
│ on firewall.tf line 34, in resource "azurerm_firewall_network_rule_collection" "nrc_fw_shared_onprem_hub":
│ 34: resource "azurerm_firewall_network_rule_collection" "nrc_fw_shared_onprem_hub" {
│
I have searched for an idea on how to get the id inline, but couldn't find any. Can someone please give me a push into the right direction?
1 answers
solution1
0 2022-07-13 09:59:27
The ID is part of azurerm_ip_group . So you have to refactor a lot of your code:
resource "azurerm_ip_group" "ipg_onpremise" {
for_each = {for idx, val in var.nrc_fw_shared_onprem_hub_rules: idx => val}
name = each.value.name
location = azurerm_resource_group.rg_shared.location
resource_group_name = azurerm_resource_group.rg_shared.name
cidrs = var.ipg_onpremise_cidrs
}
resource "azurerm_firewall_network_rule_collection" "nrc_fw_shared_onprem_hub" {
name = "onprem-hub"
azure_firewall_name = azurerm_firewall.fw_shared.name
resource_group_name = azurerm_resource_group.rg_shared.name
priority = var.nrc_fw_shared_onprem_hub_rule_priority
action = var.nrc_fw_shared_onprem_hub_rule_action
dynamic "rule" {
for_each = var.nrc_fw_shared_onprem_hub_rules
content {
name = rule.value.name
description = lookup(rule.value, "description", null)
source_addresses = lookup(rule.value, "source_addresses", null)
source_ip_groups = azurerm_ip_group.ipg_onpremise[rule.value.name].id
destination_addresses = lookup(rule.value, "destination_addresses", null)
destination_ip_groups = lookup(rule.value, "destination_ip_groups", null)
destination_ports = lookup(rule.value, "destination_ports", null)
protocols = lookup(rule.value, "protocols", null)
}
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.